{"id":69497,"title":"🛡 Escape - Secure your GraphQL APIs","tagline":"We help companies create Fast, Secure, and Reliable GraphQL APIs","body":"### **tl;dr:** **Securing GraphQL is hard.** Escape makes it easy for developers to build secure and reliable GraphQL APIs. **You can test it for free and get your results in seconds** using this link: \u003chttps://app.escape.tech/ycw23\u003e\n\nHello everyone, we are Antoine and Tristan, the founding team behind Escape.\n\n![uploaded image](/media/?type=post\u0026id=69497\u0026key=user_uploads/1231138/4111cf07-557b-4da5-ad36-d2336aa3913a)\n\n🧠 **Tristan** (left) previously worked as a **GraphQL Developer** and experienced firsthand the need for better tooling in this ecosystem. 💪 **Antoine** (right) previously worked as a security engineer for the French Government and **Apple** 🍎 which led him to the journey of helping developers secure their code.\n\n### 🛡 Why are we building Escape?\n\nGraphQL has seen exponential growth in the past years and is now used by 20% of all developers. Companies like **PayPal**, **Walmart**, **Twitter**, and **Airbnb** are now all relying on GraphQL APIs for **their** **core businesses**.\n\nYet, we observed that most - as in like **95%** - of GraphQL APIs that exist today are insanely vulnerable to cyberattacks.\n\nThe reason is simple: GraphQL has an entirely different structure than traditional APIs like REST.\n\nExisting security tools do not support it, leaving GraphQL developers and organizations completely blind to the security of what they release and **putting their business at risk**.\n\n### 🎯 Our solution\n\nWe aimed to build the GraphQL Security Testing tool that devs would love. As developers ourselves, we think such a tool would\n\n*  _be_ **fast to run in CI/CD**\n*  _be super_ **easy to set up** and maintain\n*  _give_ **relevant results**\n\nExisting tools fail at achieving the last of these because they rely on brute-forcing API requests. 
Thus, most requests are blocked at the validation layer, failing to test the actual code.\n\nAt Escape, **we developed a new approach called _feedback-driven API exploration_**. We crafted a graph traversal algorithm that learns from the API's responses how to generate requests that actually make sense from a business standpoint.\n\n![uploaded image](/media/?type=post\u0026id=69497\u0026key=user_uploads/1231138/4d4ffbf4-e5af-46b9-927d-904530700300)\n\n_Requests generated by brute force (left) vs. **Escape’s feedback-driven exploration** (right)_\n\nUsing this technique, we are able to pass the validation layer and test the code of the application at a deeper level than previous solutions. So far, we have achieved **more than 80% coverage** in most applications without fine-tuning.\n\n### 🚀 Let us assess the security of your GraphQL API for free in seconds\n\nIn only 6 months, we partnered with **Snyk** and **Postman**, got into the GraphQL Foundation, and worked with companies like **Neo4j** and **ArangoDB**.\n\n👉 If you are using GraphQL yourself, you are welcome to try our platform and **get your application's security report for free**, as **we unlocked all the features for the YC community**: \u003chttps://app.escape.tech/ycw23\u003e!","slug":"I4v-escape-secure-your-graphql-apis","created_at":"2023-02-21T19:45:54.930Z","updated_at":"2026-05-25T00:48:56.717Z","total_vote_count":1096,"url":"https://www.ycombinator.com/launches/I4v-escape-secure-your-graphql-apis","share_image_url":"//bookface-static.ycombinator.com/assets/ycdc/yc-og-image-c440a0ad1dacfb86eeeb343717479cc54d256614449b4ef719977a0a451f8bc8.png","company":{"id":28216,"name":"Escape","slug":"escape","url":"https://escape.tech","logo":"https://bookface-images.s3.amazonaws.com/small_logos/0210bbcb75b7ba7c4519705bd24c324666b9538b.png","batch":"Winter 2023","industry":"B2B","tags":["Developer Tools","Security","API","GraphQL"],"search_path":"https://bookface.ycombinator.com/company/28216"}}